#pragma once

//#include <srs_app_security.hpp>
#include <srs_core.hpp>
#include <srs_rtmp_stack.hpp>

#include <string>

class SrsConfDirective;

/**
* the security apply on vhost.
*/
class SrsSecurity {
public:
    SrsSecurity();
    virtual ~SrsSecurity();
public:
    /**
    * security check the client apply by vhost security strategy
    * @param type the client type, publish or play.
    * @param ip the ip address of client.
    * @param req the request object of client.
    */
    virtual int check(SrsRtmpConnType type, const std::string& ip, SrsRequest* req);
private:
    /**
    * security check the allow,
    * @return, if allowed, ERROR_SYSTEM_SECURITY_ALLOW.
    */
    virtual int allow_check(SrsConfDirective* rules, SrsRtmpConnType type, const std::string& ip);
    /**
    * security check the deny,
    * @return, if denied, ERROR_SYSTEM_SECURITY_DENY.
    */
    virtual int deny_check(SrsConfDirective* rules, SrsRtmpConnType type, const std::string& ip);
};
